Recorded Webinar: ICANN 65 Insights from Marrakech

ICANN 65 Insights from Marrakech

Join us as we take a look back on the ICANN 65 policy forum in Marrakech, Morocco, including the discussions on internet policy development, outreach, and community networking.

Expert Gretchen Olive, CSC director of Policy and Industry Affairs, will relay what she learned at the June 24 meeting, including her insights on the increasing competition on the web, and the latest domain name and brand protection developments. As always, she'll also share best practices for internet brand protection strategies.


ICANN 65: Insights from Marrakech from CSC

Webinar Transcript:

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo. To set up a live demo or to request more information, please complete the form to the right. Or if you are currently not on CSC Global, there is a link to the website in the description of this video. Thank you.

Annie: Hello, everyone, and welcome to today's webinar, "ICANN 65: Insights from Marrakech." My name is Annie Triboletti, and I will be your moderator.

Joining us today is Gretchen Olive. Gretchen is the Director of Policy and Global Domain Name Services for CSC. For nearly two decades, Gretchen has helped Global 2000 companies devise global domain name trademarks and online brand protection strategies and is a leading authority on the Internet Corporation for Assigned Names and Numbers New gTLD program. And with that, let's welcome Gretchen.

Gretchen: Thank you, Annie. Well, as usual, we have a full agenda, so we're not going to delay. As usual, we'll do a quick ICANN overview. I do see a few new names, which always is exciting to see. So we want to make sure everybody understands kind of who ICANN is and how they're structured and how things kind of flow through that structure.

Then we'll jump right into all the key policy updates. We'll talk a little bit about the timing of Round 2 of the New gTLD Program and also hopefully have enough time to talk about a few other kind of announcements and happenings at the ICANN 65 meeting.

So first of all, ICANN, that's Internet Corporation for Assigned Names and Numbers. As we often remind everybody, this is a consensus policy organization. And so consensus is one of those things that it's hard fought. But the organization is made up largely of volunteers. There are some paid staff. There are paid staff at ICANN, but a lot of the folks that are in the boxes below those kind of the Board of Directors, these people are volunteers. Some come from organizations that obviously have a stake in internet governance. But the blue boxes are supporting organizations. The gray boxes are advisory committees.

Really the two groups that we predominantly talk about in the ICANN webinar series is the GNSO, which is the Generic Name Supporting Organization. And that's where you'll see, you know, anything from business users, intellectual property holders to registries and registrars.

And then we also often talk about the Governmental Advisory Committee or the GAC. You'll see them in kind of the dark gray box, all the way on the right-hand side.

So all these groups kind of work to develop . . . the blue boxes kind of work to develop policy from a bottom-up process. It's a multi-stakeholder model. And as those policies kind of bubble up through these different supporting organizations, then they are reviewed and approved by the Board of Directors of ICANN.

So it's somewhat, you know, complicated structure. But when we often refer to the ICANN community, this is the group we're talking about.

So ICANN meetings, the public meetings happen three times a year. And we're now in the . . . we're talking about the June meeting that happens each year. And this is what they call the policy forum. This is really, it's a shorter format, but it's really kind of focused on doing policy work. There's not a lot of the pomp and circumstance and sort of additional sessions about, you know, what ICANN has accomplished, etc. This is more just the working groups and the different policy issues being discussed across the community. So it's always, I have to say, probably my favorite format of the year. So let's jump into the key policy updates.

We're first going to talk about the expedited policy development process or the EPDP Phase 1 and 2. As many of you who have attended these sessions before know, there is no limit to the number of acronyms that ICANN has. And so, you know, I try to spell them out so that everybody knows what exactly we're talking about. So when you see EPDP referenced, that's the expedited policy development process. And this is the first time the EPDP has been used by ICANN, which is something kind of remarkable when I think about it.

You know, I started kind of being an ICANN participant back in 2000. And, you know, since then, so it's been almost 20 years, since then they've never used this EPDP process. So this is something that was necessary to invoke as a result of the GDPR. Another acronym, but not an ICANN acronym. The GDPR is the General Data Protection Regulation. So this was a regulation that replaced the Data Protection Directive in Europe, and basically, it is really . . . its intent was really to harmonize all the data privacy rules in Europe.

When the directive happened back in the mid-'90s, what happened after that is each country then went and passed national laws. And so while similar, there was a lot of differences. And so it was often difficult to kind of reconcile the different data privacy laws and kind of rules of the road, if you will, in dealing with personal data in Europe.

So the GDPR really aims at trying to harmonize that, put a nice big umbrella over it. And then the good thing about a regulation is that there's no national laws that need to go get promulgated. So that's really good news.

And everybody knows, at this point, because we've all been living through this first year of GDPR, it did become enforceable in May of 2018. And one of the reasons or the reason that we talk about the GDPR in the context of ICANN is it really directly conflicts with ICANN legacy WHOIS Policy.

So, you know, one of the things that I think is both a blessing and a curse sometimes, it depends on what your perspective is, is the WHOIS is public. It's required by all the gTLD registrars and registries to publish that WHOIS and make it available.

So that's been something that people have come to rely on. And it could be anyone from, you know, IP rights holders to people who do security research, to law enforcement, you name it. There's lots of different groups and people who rely on WHOIS to be a data point perhaps. You know, maybe not the data point, but a data point in trying to piece together a puzzle, identify an infringer, identify a fraudster, see some kind of pattern in terms of who might be behind some action on the internet.

So when the GDPR went into effect, it took a little while before . . . when it was promulgated, which was back in 2016, there was kind of a two-year ramp-up period. And it took some time in that two-year ramp-up period I think for the ICANN community to really recognize that, oh, no, ICANN's WHOIS Policy, which is in the contracts of all the registrars and registries, is in direct conflict with GDPR.

The GDPR really, you know, works to protect that personal data. And personal data is pretty broadly defined under the GDPR. And so everything, you know, I think obviously a name or an email address, you can say, "Okay, I understand how that's personal data." But sometimes even a fax number or a title, things like that can be considered personal data under GDPR. So it was a pretty broad definition. And so it took until, you know, into 2017, into really 2018 for the ICANN community to realize this was going to be a problem. To that point, somehow, some way ICANN continued to navigate the different conflicts with national law. But there wasn't this like kind of overarching law, like the GDPR, where it was going to be a problem across basically every country in Europe.

So this process was challenging. There were a lot of, you know, kind of, I would say a lot of time was spent trying to really understand what the GDPR was. Not everybody in the ICANN community are lawyers. You know, a lot of them are technologists, or it's just everyday internet users. And so it took a while for the community really to get their arms around what the GDPR was, what it wasn't, what was permitted under that. And there was some ambiguity there that also needed some further discussion with regulators.

So by the time this was getting to the point where actually it was going to be enforceable, in May of 2018, the clock was running out. And there wasn't enough time to really create a whole new ICANN consensus to its policy.

So there was something called the Temporary Specification that was put in place, that provided a waiver really to registries and registrars in terms of publication of personal data in WHOIS, and it also then caused ICANN to trigger this expedited policy development process for the first time in its history.

And a policy development process in ICANN can sometimes take two to four years. I mean, that's one of the big criticisms of ICANN is that in many ways people feel like it moves at a glacial pace. Technology is so fast. The internet is so dynamic. But ICANN is something that kind of lumbers along.

And I think having had the perspective kind of being an observer and a participant for almost 20 years, I can say it has improved. There have been some efficiencies gained. But as I mentioned, at the top of the webinar, is that consensus is really hard to achieve. And being a kind of bottom-up consensus policy, multi-stakeholder model, you have a lot of divergent opinions and perspectives at the table on any one issue. And so it takes some time to get through a policy development process.

Now, with the EPDP, it's actually mandated that the PDP be completed within a year. And in all my time at ICANN, I've never seen a PDP go a year, even for what would appear to be the simplest issue. People say, "Oh, this should be a slam dunk." It takes way more than a year.

So this was a tall order. But the good news is that, at the end of the day, it actually worked. And we'll talk a little bit more about that.

So that Temporary Specification that ICANN had to put in place, as I mentioned, really changed, made significant redactions to the WHOIS contact data, sometimes referred to as the social data within the WHOIS. So if you ever look at a WHOIS record, you'll see there's lots of information there about the domain, like when it was registered, when it will expire, what its DNS is, who the registrar is, all that type of stuff. That's sort of domain-related data.

But then you have what's called the social data or the contact data, which is, you know, your registrant, admin, technical, billing and their kind of name, address, phone number, email, and that's where you get into trouble with personal data. So that significant redaction really, I think, while we talked about it for probably a year leading up to the beginning of the enforcement of the GDPR, I think it's really been over the last eight or nine months of people are like, "Wow, this has had a greater impact on sort of our overall day-to-day, our overall operations, our overall processes, particularly in the security and fraud investigation area." The WHOIS is a very significant component to that research and sort of that kind of backtracking, and it's causing a lot of concern that that is missing and trying to figure out how do legitimate third parties or parties with legitimate interests get access to that data, if that's at all possible. So we'll talk more about that in a few minutes.

But this WHOIS thing is something that's been debated, just WHOIS policy overall, even though there's been consensus policy in place. I can remember my very first ICANN meeting, sitting in a room with about a total at the meeting maybe 150 people and debating WHOIS policy. It's always been a very controversial thing. You know, to a lot of registrars, that's their customer list. To researchers, that's data. To privacy advocates, that's too much information. You can see, it's just everybody comes at it with a different perspective. And so it has been a really hotly contested issue that's never really gotten resolution and kind of trying to assess how quickly we could get through a policy development process. I think it was very wise at the beginning to kind of break this into two phases.

And so the EPDP team kind of created Phase 1 and Phase 2. Phase 1 was really about the collection and handling of WHOIS contact data and requests for WHOIS data. And that was the part that was subject to the one-year deadline to come up with kind of recommendations or policy prescriptions around that aspect of it.

Then sort of the access to WHOIS data by registrars, registries, ICANN, and other third parties was really seen more as implementation and not as much policy. While there will be some policies that will be needed to either be . . . existing policies that may need to be changed or updated or new policies created to support the implementation, Phase 2 really was viewed as sort of the implementation component of EPDP and, therefore, came outside, to be done outside that initial one-year kind of time limit.

So on the good news front, the EPDP Phase 1 team did issue a final report in February 2019, actually in advance, before the main deadline, which was fantastic. That group really did amazing work. They were meeting 30 hours a week for months to try to get to that point. And there were some big roadblocks. And, in fact, ICANN needed to bring in mediators to help the team get through some of the discussions and debates because, as in the past, people had their position, they dug their heels in, and they weren't budging.

But ultimately, they were able to get to a final report, which had 29 recommendations. The public comment period ran through mid-April. And then the ICANN Board actually adopted 27 of the 29 recommendations without change in mid-May of this year. The two recommendations that didn't get adopted without change was Recommendation 1 around purpose and Recommendation 12, which was around the deletion of the organization field in the WHOIS. So there'll be more about that as we move through this process.

So with that Phase 1 kind of policy development under our belt, what happens in the ICANN world is once sort of the policy gets approved by the Board, then an Implementation Review Team gets created. And in this case, both an Implementation Planning Team and an Implementation Review Team have been formed. So let me explain what the difference is between those two.

The Implementation Planning Team is actually made up of ICANN staff. They're the folks who are really going to be facilitating how these recommendations actually get implemented, the processes, the templates, the communications, all that stuff that needs to happen within the ICANN world to get this policy out and implement it across the ecosystem.

The Implementation Review Team is made up of people from the community. And they're there, they need to have a solid background in these issues. And they're there to support the Implementation Planning Team and really serve as, you know, help to clarify the experiences in the community. The recommendations are just that. They're not written in policy language. That's part of what ICANN will do is we'll kind of write the policy, the actual policies. The Implementation Review Team will really help kind of shape that, so that it is in the language and in the kind of operational workflow of how the ecosystem actually works. A lot of times something may look good from a written policy. But that's not how the domain system works. It's not how registrars and registries interact. You have to kind of have an operational knowledge of how everything happens.

So these two teams will be working together to achieve the implementation of this new basically registration data consensus policy. So there's a lot of hard work ahead. These two teams are really in the process of doing what's kind of called the requirements analysis. But before they jumped into that, you'll see this kind of . . . they were calling this the rainbow diagram, which was kind of interesting. But this kind of timeline diagram kind of shows you how this is projected to map out in terms of timeline.

So the Board adopted the 27 of the 29 recommendations as is, and then 2 would change. The team then had to issue an interim policy, because what happened at the close of that year, from when the temporary specification was issued, that temporary specification was also good for just one year. So if they hadn't gotten to the finish line in time, there would have been a little bit of a crisis. But we didn't have to face that, which is outstanding.

What happened, though, is this IPT and IRT issued this interim policy that basically said, "All right, for the most part, what was in the temporary specification is going to continue while we work through the implementation of the recommendations." And so the interim policy was issued in late May, and now we're in kind of a really kind of heads down working phase of trying to do implementation planning, trying to gather public comment. There will be a public comment phase of this, and then sort of a finalization of the actual policy language.

So that's all. Everybody is kind of hoping that that gets done really by the next ICANN meeting, a little bit afterwards. So that is in October, November. There's a lot of work to do between now and then. And then it'll be on to kind of policy implementation. And the hope is to be completed with that by into February of next year, where that will be in full effect.

So it's very aggressive. It's very optimistic. I am going to say I am more optimistic than I have been in the past. I think these teams have shown that with the focus that they've put on it and the energy and time that they've dedicated to everything that it is possible. But like everything in the ICANN world, there's always a chance for delay. I don't think it's going to be years. It may be months. So we'll continue to watch this space. But certainly a lot of heavy lifting to come.

Now, one of the things you just also I think keep in the back of your mind is this is kind of going on and we'll continue to update you, and that is that there is a recognition that this new policy, this new registration data consensus policy is going to have kind of a ripple effect, that there are other consensus policies within the ICANN world that they all kind of link to each other. It's a little bit of a fabric. It's one of those things where I think when you're new to the ICANN policy space, it's one of the most confusing things is that there's no place where you just kind of . . . you'll read a policy document and you go, "Oh, great." No, you have to kind of read it, and then you've got to read alongside another one and then that takes you to another one and then that takes you to another one. And then you've got to kind of think about them all together. It is a little bit of a kind of a tapestry.

But these are some of the policies, just sort of at first blush, that are thought, that are expected to be affected in some way. And so what that will likely trigger is some additional policy work on these other policies. Now, that additional policy work won't hold up completing this work. But I guess the point I'm trying to make is there's going to be a little bit of a domino effect here is that once this new registration data consensus policy gets into place, there's going to kind of be some additional housekeeping is going to need to be done.

And so the volunteers within the ICANN community are going to . . . it's going to be a big strain, basically, to try to get a lot of this work done, because it is one of those things where there's only so much bandwidth, right? There's only so much air in the room for everybody to focus and to kind of contribute. And so it will be . . . I think we'll be talking about this long after a year from now I guess is the point I'm going to make here. So more to come on that.

In addition to ICANN consensus policies that will be impacted, there are also ICANN procedures that will likely be impacted. And it's a smaller list, which is good. Some of the work is already actually being contemplated as part of ongoing PDP. So that's good news. But there will be some changes to processes that the community has really become used to, reliant on. So, again, watch the space for more updates on that. But this is a major change. And I think that's one of the reasons why the WHOIS policy has always been one of the things that everybody is afraid to pull the thread on, because once you do, it just sort of goes on from there. But it's high time that this happens.

It's terrible that it's had to been a fire drill. But I think, I'm hopeful that when we get to the end of this process, that we're actually going to have a WHOIS policy that serves the best interest of the community. So we'll see how that ends.

Let's talk a little bit about EPDP Phase 2, since Phase 1 seems to be chugging along. Phase 2 officially began in May after the ICANN Board adopted the 27 of the 29 recommendations. The Phase 2 team is made up of some people from Phase 1. There are some newbies, including the Chair. I think this team is still trying to find their footing. During this ICANN meeting, some of the working meetings that I attended, it's still a lot of kind of circular conversation going on and definitely some, I would say, in-fighting or battling that's going on that we saw in the EPDP Phase 1.

There's a recognition that they are too going to need mediators to kind of get through some of this stuff. I know it sounds really harsh. It's almost like, "Can't everybody just get along?" But again, people come from a very different perspective, very different areas of the ecosystem. And they are pretty hardened in their position. So it does I think take professionals to kind of get them to inch closer together.

So the team will be working on answering some charter questions and drafting policy recommendations based on a system for standardized access and disclosure. So what do I mean by that?

So the vision right now is that there's actually what's called a unified access model. And so that would be where there would be one central place for gTLDs. Third parties would bring legitimate requests for WHOIS information, for additional WHOIS information. The WHOIS, as we've known it in the past, will no longer exist. There will be, however, the vision is that there will be some opportunity to get to greater information than what exists today, which is largely domain data and virtually no contact data unless a company voluntarily wants to publish it. And some brand owners do, because it's the way they kind of defend their trademark rights. But for the most part, a lot of the WHOIS is dark.

And so, you know, there needs to be a mechanism for legitimate purposes to get to that additional information. Right now it's a very haphazard, very kind of registrar by registrar, registry by registry process. It's not working. People are very frustrated. Some registries and registrars have very defined processes. Some it seems like any request goes into a black hole. There's no governance over those processes. There's no oversight over those processes. There's no SLAs. And it is extremely frustrating for people who are trying to do everything from enforce their IP rights to find fraudsters on the internet or track down bad actors.

So the vision right now is for this unified access model. ICANN has kind of raise their hand and said, "We're willing to be that central point where those requests come. And then we'll have sort of a technical solutions, potentially, that can help route it through the system to get the WHOIS data from the registrar or the registry, whichever is appropriate, depending on the gTLD, and then get that back to the requester."

There is an open question as to whether or not the DPAs in Europe are comfortable with that. The DPAs are the data protection agencies or officers for each country. And there's an ongoing dialogue between ICANN Executive Team, particularly Goran Marby who is the President and CEO of ICANN, and the DPAs to understand if that is something they see as a proper way to kind of deal with these requests under the GDPR.

So that's a very key question. If the DPAs come back, the European Commission come back and say, "No, we don't think that's right. That's just kind of not in alignment with GDPR principles," I think that's going to be a major setback. But I think, right now, things are looking good. So we'll continue to watch that. So they're going to continue to work on trying to figure out what's the best system for this standardized access and disclosure.

So you've seen this diagram if you've been on this webinar series before. This is a very ugly diagram. It is one that I think, though, kind of gets everything on one page. It's something that ICANN has put together. And I think it's really kind of hard to describe all this. But it really describes sort of the changes in WHOIS as well as how ICANN could, perhaps, act as that sort of central point to make these requests. So we'll continue to watch and see if this is the mechanism and the process and sort of the structure that we wind up using.

The EPDP Phase — that should be Phase 2 and Phase 3 — which is that standardized system for WHOIS access/disclosure, this is the projected timeline right now. And there's a lot of angst around the timing of this for very obvious reasons. Right now, the hope is that somewhere in Q1, there would be the development of the final report. I do think this work group is, again, having challenges. And so unless those kind of mediators get in there and really get the team moving and kind of all rowing in the same direction to come up with recommendations, I think that could be at risk. I was talking to one of our clients the other day, and I think the way I would put it at this point is the next couple of months are really critical. If they don't overcome some of their baseline issues and ability to kind of not talk in circles, but actually each meeting take a step forward, if that doesn't happen in the next couple of months, I think that Q1 date is in serious jeopardy.

There is not a hard requirement that they meet this deadline. Unlike the Phase 1 team had that hard deadline of a year, this team doesn't have a hard kind of regulatory deadline. However, the Governmental Advisory Committee, which I pointed out in that first diagram, kind of organizational diagram at the top of the webinar, that's the group made up of ministers or representatives of ministries from different governments across the globe. I think it's close to 200 at this point. They kind of come to ICANN meetings and participate in ICANN on behalf of their governments to provide advice to the ICANN Board. And it's evolved into a kind of guidance to the ICANN community to say, "Hey, the direction you're going in is kind of against public policy considerations that we would have as a government in terms of protecting our residents."

And so many in the Governmental Advisory Committee have been very vocal. It started the last meeting, and it was really loud and clear this meeting that there is an urgency to get this figured out. That especially for security reasons, the WHOIS, access to WHOIS is needed, and ICANN needs to get this job done. So there's a lot of pressure, but not a hard kind of regulatory deadline. So this will be a timeline that everybody will be watching very closely.

So that's all the EPDP fun, which is something that I know has been on a lot of people's minds. But let's now turn to another PDP that's going on simultaneous, and that's the rights protection mechanisms or RPMs PDP. This PDP came about on the back of the New gTLD Program Round 1.

So as everybody will recall, back in 2012, ICANN opened up a window of application for people to come forward and apply for new gTLDs. There were 1,409 unique strings that were applied for. I believe it was like 1,920 applications overall. It far surpassed what ICANN expected.

The first round, kind of the whole evaluation of applications and kind of moving TLDs to launch has had a very bumpy ride. And so as the close of sort of that, I would say the evaluation of applications started to really tail off, there was a real recognition and something ICANN promised the GAC, in fact, the Governmental Advisory Committee a real need to evaluate certain components of the program, and one of it was the rights protection mechanisms.

Everybody wanted to make sure, "Did we get it right? Or if some of these new rights protection mechanisms, that were put in place for the first round, were they the right ones? Did they work? Did they not work? Do they need to be improved?"

So the RPM has been going on for quite some time. The PDP is being conducted in two phases. As I mentioned before, it covers all rights protection mechanisms which were applicable to the first round or the New gTLD round that happened in 2012.

And you can see here, the different components of it. So looking at the trademark post-delegation dispute resolution procedure, that's the TMPDDRP — yes, that is a long acronym — the Trademark Clearinghouse, the TMCH, Sunrise and Trademark Claims services, as well as the Uniform Rapid Suspension dispute resolution procedure.

So Phase 2 is focusing more on reviewing the Uniform Dispute Resolution Policy, which is a UDRP, which is something that was a rights protection mechanism in this first round of new gTLDs, but actually has existed since 1999 and has been in place for gTLDs. So it's an existing rights protection mechanism that was, you know, carried over into the New gTLD Program. And so they want to do an evaluation review, I should say, of the effectiveness of UDRP and the new gTLDs as well.

So where are they? They have completed the preliminary review of three of the components. Right now, they have two sub teams that have been working hard at reviewing the Sunrise and Trademark Claims services. These two sub teams, one is focused on the Sunrise component of the launch. And the other sub team is focused on the Trademark Claims process. And they have some recommendations they've kind of arrived at as a team.

So basically, it appears to be consensus driven, that the recommendations that there be no change the 30-day start date and 60-day end date Sunrises. So for those of you who have participated in any of the new gTLD launches, you'll know some of them they announced the launch, and it's kind of first come, first serve or that's the start date one, or it's a 60-day end date where basically they take all the applications for 60 days, and then at the end award the Sunrise names that are and then deal with any contentions.

So they think those two options should remain. They also recommend that Sunrise should continue to only allow registrations of domain strings that exactly match trademarks and not allowing variations or trademark plus term, things like that, that Sunrise should truly be for those exactly matching strings.

Some things that they're recommending that kind of need more work, if you will, is that there's a feeling and I strongly believe that there was some registries out there, some of the new gTLD registries that circumvented, let's just say that, circumvented the Sunrise process or Sunrise RPM in how they handled certain aspects of the rollout of the TLD. You know, some of the reserved and premium names, the way they were kind of withheld and then released post-Sunrise period, some of those reserved and premium names matched trademarks. And, in some cases, there was no kind of Sunrise for that subsequent release. So that's an example of where I think there was some circumvention of the Sunrise RPM and the protections for trademark holders. So these are things that need to be addressed, need to be tightened up as it relates to Sunrise.

And then on the trademark claims recommendations, I think there's definitely a consensus that the claim notice needs to be improved. It needs to be available in multiple languages. English is not the language spoken by everybody. It needs to be clear. There needs to be kind of less legalese and more kind of understandable language for all, with a little bit more specificity. However, they also feel that the trademark claims process is a good one, and it should continue to apply to all types, whether it be opened, closed DO community, all types of TLDs and also continue to be active for 90 days.

So we should see that, those recommendations as part of the overall RPM PDP team's initial report. They had hoped to have that for end of June. Then as this meeting kind of happened, they said, "Well, we're going to need a few more weeks, a couple more meetings. We hope by end of July.”

So we'll continue to watch when that comes out. And really once that comes out, it's kind of an initial report, there's public comments. Then there's a final report. And then there's . . . it will go to the ICANN Board, and then there will need to be implementation.

So the policy development process, the hope is is that that will be completed by April 2020. I think if they can get this report out in July, that can happen. I think if it slips further, you might see that April date slip. And then Phase 2, which is the UDRP review component of this, that will start right off the back of completion of the Phase 1 PDP. So no shortage of work. Lots to do. But this is starting to wind down. It's been definitely a long, long process.

Another PDP, it seems like there's no shortage of them. But all these are running subsequently, sorry, concurrently. And it's definitely a big challenge to get everybody's attention and kind of brains on these things. But the next one is also related to the first round of new gTLDs, and again it was something that was promised would happen is, okay, let's look at that, all the procedures that go into evaluating and launching TLDs. And so those were things that were in the Applicant Guidebook of the New gTLD Program. So that is what the Subsequent Procedures PDP is looking at.

There are some general, overarching issues. As the first round of the program kind of evolved, there really wasn't a recognition in the first round and in the Applicant Guidebook of there were two types of TLDs in that round. One was open and one was community.

But as many people now know, other kind of categories have evolved and have kind of arisen. We have things like dot brands. We have things like geo TLDs. They all have got sort of different needs and different kind of communities that utilize them. So does the next round need to kind of recognize these different types?

The second thing is there needs to be more predictability. There needs to be more community engagement. I think if you were around in 2010, 2011, 2012, there was this sort of like I would say slow ramp-up of awareness of the program. And I think by the end, it was pretty much at a fever pitch, and a lot of people I would say in the trademark community were aware of it. But globally, I don't think there was global awareness of the program. And I think where the applications come from really kind of speak to that. You see a high concentration in the U.S., followed by AMEA, followed by a APAC, with very low rates in emerging countries like Africa, the Middle East. You don't see a whole lot out of Latin America.

So there needs to be better community engagement, better awareness. There also needs to be more predictability. Like I mentioned, there were a lot of bumps. The applications were taken in 2012. The first TLD didn't launch until end of October, beginning of November of 2013. And it really wasn't until 2014, 2015 did we get a lot of them launched. So it was a long process.

And then there's this notion that do these TLD applications always need to be taken in rounds, like kind of defined windows, or should there be an open window and just ongoing ability to apply? I think there's some for that, some against that. I don't think we're there yet. I know we're not there yet. I think that is where ICANN is trying to drive to and many people in the community. But I definitely see Round 2 being a defined window. I don't think it's going to be an open period.

But nonetheless, this Subsequent Procedures PDP is looking at that. And they have different work tracks that they kind of divided the work into. And so you can see them here. There's five work tracks that kind of divide up that work.

Now they've been working hard, again, for a long time, just like the Rights Protection Mechanisms PDP, and they are trying to wind things up. I will tell you Work Track 5, which is the issues around geographical names, it's an issue that is very near and dear to the GAC, very sensitive to commercialization of country names, country two-letter codes, or other kind of geographic designations, rightfully so. There's a balance to be found. We're getting closer, but I don't think we're quite there yet. But that's really . . . Work Track 5 is definitely lagging behind, but again, trying to catch up.

They're really working to complete their final report by the end of 2019. Again, I think that's potentially possible, but it's going to take a quick kind of burst of energy and effort I think to get that over the finish line. So we'll continue to watch for that. I definitely think that we are likely to see some need for adjustments to the Applicant Guidebook. So stay tuned on that one.

So related to these last two PDP, the ones on RPM and Subsequent Procedures, there's a lot of question around, "Well, when will Round 2 be?" There is pressure within the community about getting to Round 2. There's some people who regretted not applying in Round 1. There's others who have kind of changed their view of the program.

There's still a fair number of people saying the New gTLD Program was not a success. There hasn't been high utilization. There hasn't been this kind of, I think, the volume of registrations that many people were projecting. But I also think success is defined in different ways than just how many domain names you sell. And especially when it comes to ones like brands and geos, I think some of it is about sort of an identity.

And so, anyway, there's a significant pressure to get to Round 2. I would say not everybody shares that desire, but there is a fair amount of people who do want to get there. ICANN is definitely trying to build some momentum towards that. Right before the ICANN 65, they published a discussion paper entitled "ICANN Org's Readiness to Support Future Rounds of New gTLDs."

Their explanation for doing this is like, look, there's a lot of policy stuff that needs to be done and has been underway for a long time. But there's also a lot of stuff that ICANN, the organization needs to do, systems, people, processes that they need to put in place to be ready when all the policy work is done. And they're trying to get some budget and some kind of momentum going where they could put a flag in the sand and say, "We're going to do it by this date." There's also quite honestly, ICANN is a nonprofit organizations. They've grown in size. Their staff has definitely grown. There are some, I think, budgetary concerns around being able to keep all those people who now have kind of gained experience in this program.

And so I think the longer and longer and longer that they wait to get to Round 2 the fear is they'll lose some of that expertise, they'll lose some of that staff, whether it be through attrition or potentially just not being able to continue to afford them, because, again, the registration volumes have not been huge and ICANN generates revenue through domain registration. So a portion of every domain name registration, about 20 cents, goes on every domain names ICANN, and that goes to their budget. So there's definitely this feeling that we need to get on with it within ICANN. There are a lot of consultants out there and some I would say boutique registries and registrars that they need Round 2 to come fast to survive. They need that revenue infusion, and so they are banging the drum hard.

So you'll probably hear a lot of ICANN is getting ready. It's going to happen. I've heard some people predict it will be the end of 2020. I'm going to tell you, my guess is no. It's likely going to be closer to be closer to 2022. Hard to say. So, with that being said, I wouldn't worry about writing any checks this year. But certainly we'll keep you apprised.

Just a few other things. I probably won't go much into each, but they'll definitely be in the deck that you can download those things that you should be aware of in terms of meeting updates. There's been since 2016, there was a Privacy and Proxy Provider Accreditation Policy that was approved by the ICANN Board. It's been an issue in the community for a really long time, privacy and proxy. There's been a lack of kind of oversight and control of privacy and proxy providers.

A PDP happened. A policy was adopted. IRT was formed in 2016. They've been kind of chugging along. But now with all this GDPR stuff and the EPDP stuff that happened afterwards, they have now officially put that on hold.

So many people are disappointed. I can understand the challenges of these issues and how they collide. But we have to figure out how to get to the end of this process.

.amazon, I think the last time we were together for this webinar series, I told you Amazon had got the green light, or we're close to getting the green light. Well, they did get the green light, but now it's back on yellow. So we'll continue to watch that. I think a lot of people are interested in what happens there given Amazon's kind of profile on the internet and the weight that it could carry if they actively use that TLD. So we'll continue to watch.

Colombia has kind of stepped forward and filed a motion for reconsideration of ICANN's decision to approve the application. The Latin American community that's in that Amazon region is very unhappy with ICANN right now.

And the GAC Communiqué, which is always their sort of summary of the meeting and the issues that they want ICANN to further consider, the three kind of concerns that they highlighted or really emphasized in their communiqué was around two-letter country codes and second-level domains, that continues to be a concern for them, ICANN's approval of the Amazon application, and then the timing for EPDP Phase 2 completion. Again, they're very concerned for security reasons about the lack of access to WHOIS.